A cookie policy should describe which cookies your website sets, with the provider, purpose, retention period and classification for each cookie. See our overview of what exactly must be in a cookie policy. The only question is: where does that information come from?
The problem with classic generators
Most free cookie policy generators work from a questionnaire. Do you use Google Analytics? Do you have a Facebook pixel? Tick what applies, and out comes a text.
That model has one fundamental problem: it assumes you know which cookies your website sets. And most site owners do not, through no fault of their own:
- The marketing colleague added a campaign tag through Google Tag Manager last year.
- The web agency installed a chat widget that sets cookies.
- A single embedded YouTube video brings Google tracking cookies along.
- The booking plugin drops a pixel nobody ever consciously chose.
The result: a neatly formatted cookie policy that lists cookies you do not have, and stays silent about cookies you do set. Such a policy is worse than no policy, because it proves in writing that your disclosure does not match reality. And with that, the consent your cookie banner collects is not validly informed either.
How GDPRWise does it differently: scanning instead of asking
GDPRWise flips the approach. Instead of interrogating you, our scanner visits your website like a real visitor and records what happens:
- Detection. The scan visits your website and records every cookie that gets set: first-party and third-party, session and persistent cookies, analytics pixels and social embeds.
- Enrichment. Every detected cookie is matched against our cookie database and automatically completed with provider, purpose, retention period and classification, exactly the metadata a GDPR-compliant cookie policy requires.
- Generation. From the completed cookie table, GDPRWise generates a full cookie policy, including the explanations of what cookies are, how visitors withdraw consent and how changes are communicated.
- Publication. Publish the policy via a snippet that updates automatically, export it as a dated and versioned PDF, or link to it from your cookie banner.
The scan is free and requires no account. To generate, publish and export the full policy, you create a free account.
The biggest advantage: your policy keeps being right
Generating a cookie policy is one thing; keeping it current is the real work. Websites change constantly, and every change can introduce new cookies.
That is why GDPRWise does not stop after the first scan. We rescan your website periodically. When new cookies, trackers or third parties appear, we alert you, your dossier is updated and your cookie policy is regenerated. If you use the embed snippet, the current version is automatically live on your website, without you having to think about it.
Compare that to the classic model: a static document that starts ageing the day you publish it.
More than just a cookie policy
The cookie policy is one document out of your GDPR dossier. The same scan that detects your cookies also maps your forms, third-party services and systems, and so forms the basis for your privacy policy and processing register. Everything is generated from the same source, so your documents never contradict each other. Also read how the scan works exactly.
Enter your domain and see every cookie your website sets within 2 minutes, including provider, purpose, retention period and classification. No credit card needed.